Below you find information on how your personal data is processed in relation with and to the purpose of the usage of the website.
I. General Data Protection Notes
Name and contact information of the responsible person regarding data processing in accordance with the General Data Protection Regulation (GDPR)
Grafikstiftung Neo Rauch
Stiftung bürgerlichen Rechts
Vertreten durch den Vorstand: Kerstin Wahala (1. Vorsitzende), Thomas Leimbach, Hans-Michael Strube
Wilhelmstr. 21–23 D-06449 Aschersleben
Purpose and legal basis regarding the collection and processing and the provision of personal data
Usage of the website
Within the framework of the provision and keeping of the website we process personal data of the visitors of the website in compliance with the legal provisions of the General Data Protection Regulation (GDPR). The collection and processing of data serves,
in particular, to ensure the functionality of the website to offer our contents, as the case may be, to communicate with you and to offer and perform services.
There is no statutory or contractual obligation to provide personal data when you visit our website. However, if you do not provide such data, the functionality of our website may be restricted or impossible.
We collect the personal data required for the purposes of the conclusion or processing of contracts as well as for the purposes of answering your enquiries prior to a contract.
- in the case of a request of contact: your name and means of contact (phone, email or fax)
- in the case of a conclusion and processing of contract: your name, address, contact information (phone, email or fax), possibly also VAT identification number and information regarding existing register entries (esp. in the trade register), the name
and contact information of a contact person designed by you, bank details (esp. in the case of a SEPA debit order), date of birth.
These data are stored and used exclusively in order to reply to your contact requests prior to a contract, and within the framework of contract conclusion and processing and any related accounting and tax matters, in order to correspond with you, to identify
you as our contractual partner, for billing and settling of accounts and to be able to enforce any claims (esp. payment claims) arising from the contractual relationship. Data of our contractual partners, information regarding the contracts concluded
with you and accounting information are stored in our computer system in a customer/supplier account.
The legal basis for data processing is Art. 4 (1) first sentence of the GDPR.
You must provide the necessary personal data for us to process your request prior to contract and for contract conclusion and processing. The provision is required according to the statutory provisions of the civil and tax law, in particular, and, as
the case may be, according to the contractual obligation. Without these data we cannot process your request, nor accept or make orders or conclude and perform a contract with you and may therefore need to end an existing contractual relationship.
General request of contact
The legal basis for data processing of your contact request is Art. 6 (1) sentence 1f of the GDPR in the case of a general request of contact without relation to a conclusion of contract, since we have a legitimate interest in answering your request and
you naturally expect us to reply.
You are free to make a request of contact, however, for the processing of such a request you need to provide your personal data. Otherwise we cannot process your request.
Further details are provided in the special notes on data processing.
Duration of storage
We store personal data
- as long as it is required for the execution of the existing contractual relationship with you or the performance of measures prior to conclusion of contract (legal basis: Art. 6 (1) sentence 1c of GDPR),
- and until the end of the storage periods defined by tax and trade law (legal basis: Art. 6 (1) sentence 1c of the GDPR). The storage and documentations periods according to the Commercial Code and the General Tax Code are between six and ten years.
Once the storage periods have expired, we delete the data, unless you have expressly declared your consent for further use. (Legal basis: Art. 6 (1) sentence 1a of the GDPR).
In the case of a simple contact request of an informative nature without relation to a contract, the stored personal data will be deleted once we assume that the aim of your request has been accomplished and when there are no conflicting statutory retention
periods which we need to comply with.
Please read below about further storage periods regarding automated data collection within the framework of the operation of the website.
Transfer of data
Usage of the website
Data gathered within the framework of website usage can, as the case may be, be transferred to technical service providers supporting us (e.g. website hosting and maintenance or mailing services) to ensure the provision of the website and for the purposes
mentioned above. These service providers were carefully chosen and commissioned to comply with data protection requirements. These service providers are bound by instructions and regular inspections by us.
We transfer your personal data only to third service providers if this is required to perform an existing contract with you. Data is transferred to a delivery service provider commissioned if goods need to be shipped and to the assigned payment service
provider for the processing of payment in the necessary scope. (Legal basis: Art. 6 (1) first sentence of the GDPR)
Personal data may also be transferred in accordance with Art. 6 (1) first sentence of the GDPR if it is required for the assertion, exertion or defence of legal claims, or if we are subject to a legal obligation to transfer data (Art. 6 (1c) GDPR).
Your rights (information, objection, rectification, complaint, etc.)
You have the following rights regarding your personal data we store:
- the right of access to these data according to Art. 15 GDPR;
- the right to immediate rectification of inaccurate personal data and completion of incomplete personal data concerning you according to Art. 16 GDPR;
- the right to erasure according to Art. 17 GDPR;
- the right to restriction of processing according to Art. 18 GDPR;
- the right to data portability according to Art. 20 GDPR;
- the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR;
According to Art. 7 (3) GDPR you have the right to withdraw your consent to data procession at any time, the lawfulness of processing based on consent before its withdrawal is not affected hereby.
RIGHT TO OBJECT ACCORDING TO ART. 21 GDPR
You have the right to object at any time for reasons due to your particular situation against the processing of personal data concerning you which is done in compliance with Art. 6 (1e) GDPR (data processing carried out in public interest) and Art. 6
(1f) GDPR (data processing on the basis of consideration of interests); this shall also apply to profiling supported by this provision in the sense of Art. 4 (4) GDPR. If you object, we shall no longer process your personal data, unless we can prove
compelling reasons requiring protection for the processing of your data which outweigh your interests, rights and freedoms, or unless their processing serves the assertion, exertion or defence of legal claims.
OBJECTIONS NEED NOT FOLLOW A PARTICULAR FORM.
For further details please see the specified provisions of the GDPR.
II. Data Protection regarding the Visit of our Website
Server Log Files
We do not store these so-called “server log files”. “Server log files” are files automatically created and maintained by the server on which the website is based and consisting of a list of activities it performed browser like day and time of access,
browser version, browser type, used operating system, URL referrer etc.
General information on cookies
Cookies are small text files which are saved by a web server on an end device (e.g. computer, tablet, smart phone) of the user. These text files enable analysis of the user behaviour when visiting the website and to use it for targeted product recommendations
and interest-based advertising, for instance. This information contains, for example: browser type/version, operating system, URL referrer (source of a link), IP address (hostname of the used computer, possibly reduced for the purposes of anonymisation),
time of the server request, duration of the visit to the website, visited website.
Session cookies are only temporary and are automatically deleted when the browser is closed. Persistent cookies, on the other hand, are saved on the end device which opens the website and make it possible to recognize the respective browser when the website
is visited again. A cookie can be sent back to an opened website (so-called “first party cookie”) or to another website (so-called “third party cookie”).
Types of cookies used
On our website we generally use session cookies (PHPSESSID) for the operation of the website. These cookies save the current session regarding the PHP application and therefore guarantee that all the functions of the site which are based on the PHP programming
language can be fully displayed. They serve to ensure offered functions (such as language selection).
We use the following cookies:
Google Analytics – Website analysis (please find further information in a special section below)
If applicable, please find further information about the special usage of cookies for purposes of advertising and website analysis in this Data Protection Declaration under a special section.
Usage with/without cookies
You can adjust the configuration of your browser so as to be informed of the placing of cookies and to then decide whether you accept the cookies, or you can block the saving of cookies completely in your browser configuration. This may, however, lead
to restrictions in functionality when using our website. Please use the help menu of your browser to find information on respective browser configuration settings. You can delete saved cookies at any time. Deletion may be completed as an automated routine.
Please note that the functionality of the website may be restricted if you do not accept cookies.
Furthermore, there are special programmes or internet services that can enable anonymous surfing.
Cookies are used to permanently improve the usability of the website and to optimize the advertisement offer within the framework of user interests. Technically necessary cookies simplify the usage and enable certain functionalities, in particular ones
for which it is necessary that the browser is recognized again when websites are changed (examples: shopping basket functions, language settings, memorisation of search terms). By using analysis cookies, website usage can be studied and the handling
can be optimized constantly to avoid usage problems. The data gained by cookies are an important resource for this.
Thus is the predominant legitimate interest we have according to Art. 6 (1f) GDPR. In any case, as shown above, you may take appropriate measures in order to use the website anonymously or to block the saving of cookies, which might, however, restrict
functionality of the website.
The use of special cookies can, as the case may be, require your consent which we shall ask you for when necessary.
Use of Google Analytics
On this website Google Analytics is used, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google is certified according to the data protection agreement “Privacy Shield” which was made
between the USA and the European Union and which guarantees that the data protection provisions applicable in the EU are complied with.
Google Analytics uses so-called “cookies”. The information created by the cookie regarding your usage of the website (including your reduced IP address) is usually sent to one of Google’s servers in the USA and stored there.
Google will use this information to evaluate your usage of the website, to create reports on the website activities for us as the operator of the website and in order to provide further services connected the use of the website and the internet. If provided
by law or if third parties process this data on behalf of Google, as the case may be, Google will transfer this information to third parties. Google will not connect your IP address with other data available to Google.
On our website Google Analytics is extended by the code “gat._anonymizeIp();” to allow for an anonymous registration of your IP address (so-called IP Masking). Your IP address is shortened by Google within the member states of the European Union and in
other countries which are part of the agreement on the European Economic Area. Direct reference to you is therefore prevented. In the exceptional case, however, the full IP address might be transmitted to a server of Google in the USA where the address
will then be shortened
You can prevent the collection of data produced by cookies related to your usage of the website (including your IP address) as well as the processing of this data by Google if you download and install the browser plugin available at the following link:
The collection by Google Analytics can also be prevented (especially with browsers on mobile devices) by activating the following link. This sets an opt-out cookie that prevents future collection of your data when using this website:
disable Google Analytics
Note: The opt-out cookie only works in the browser you are currently using and for our website. If you delete cookies in your browser, the opt-out cookie must be activated again for the next visitor.
In addition, your browser can be configured so that you are informed about the setting of cookies to then decide whether you accept the cookies, or you can completely prevent the storage of cookies in your browser settings. Please use the help menu of
your browser to find information on the appropriate browser settings.
Please note that functionality of the website may be restricted if you do not accept cookies.
Furthermore, you can use special programmes or internet services for anonymous surfing.
If you have a Google Account or are registered with Google Services, Google Analytics can use a user ID to perform cross-device analysis. You can deactivate this in your Google account under “My data” – “personal data”
Please find more information on the handling of user data at Google Analytics in the Data Protection Terms of Google: https://support.google.com/analytics/answer/6004245?hl=en
Further detailed information on the Terms of Service and Data Protection of Google: https://support.google.com/analytics/answer/6004245?hl=en
and general information: https://www.google.de/intl/en/policies/
The legal basis for processing is Art. 6 (1) lit. f of the GDPR. We have a predominant legitimate interest in the statistical analysis for the optimization, advertising and management of our website. No personal data is collected for the reduction of
the IP address. If in an exceptional case the full address is transmitted to the USA and reduced only there, please note that Google is certified according to the data protection agreement “Privacy Shield” and therefore guarantees your rights according
to the European data protection standard.
This website uses the web service Google Maps (API). The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google Maps provides graphic representations of maps (water, land and city), notably to indicate addresses, sites and routes.
By opening sites which have integrated Google Maps, information on your usage of our website is transmitted directly to the server of Google in the USA and stored there as well as processed in usage profiles. If you are logged in to your Google customer
account, these usage data are directly assigned to your user profile. If you do not agree with this, we recommend that you log out of any Google user account(s) prior to usage of our website.
The legal basis for data collection and evaluation by Google is Art. 6 (1f) GDPR. We have a legitimate interest in the usage of Google Maps in order to guarantee an attractive representation of our web offer and easy overview of the sites specified on
our website, in particular for our non-local customers. Furthermore, Google has a legitimate interest in the representation of personalised advertising, in market research and in a design of its web service which is tailored to market needs.
Please find further information in the Terms of Service and the Data Protection Terms of Google here: http://www.google.com/policies/
The Terms of Service of Google Maps are here: https://www.google.com/intl/en_US/help/terms_maps.html
Newsletter dispatch with Newsletter2go
We use the service Newsletter2Go for sending newsletters.
The service provider is Newsletter2Go GmbH Köpenicker Str. 126, 10179 Berlin, Germany (hereafter „Newsletter2Go“).
The data requested within the process of your registration for the newsletter is automatically forwarded to Newsletter2Go and stored on their server in Germany. The data is transferred on our behalf for the provision and dispatch of our electronic newsletters
as well as for the statistical evaluation of our newsletters. Using web beacons or tracking pixels (little graphic element in HTML-E-Mail or website), which are used for sending newsletters, it is possible to determine whether a newsletter is opened
and which links, if any, are activated. In addition, information such as IP address, type of browser used and operating system, date and time of access are automatically recorded. However, data collection is exclusively pseudonymised. This data is not
connected to or associated with your personal data. These data are not merged with other data sources.
The legal basis is Article 6 (1a) GDPR. The dispatch of the newsletter and the data processing required for this takes place after your registration and consent.
Another legal basis is Art. 6 (1f) GDPR. We have a legitimate interest in the use of a functional, safe and effective newsletter system for our advertising. In addition, Newsletter2Go has a legitimate interest in a demand-oriented design and functional
optimization of the newsletter service. However, Newsletter2Go will not use your data to contact you or to pass the data on to third parties.
We have a Data Processing Agreement with Newsletter2Go. This ensures that your personal data is transferred to Newsletter2Go in accordance with data protection regulations in europe and germany – General Data Protection Regulation (GDPR) and Federal Data
Protection Act (BDSG). You can find samples of the contract under the following link:
For further information, please refer to the data protection declaration of Newsletter2Go:
If you do not agree with this data processing, you must unregister from Newsletter2Go. Every newsletter contains an unsubscribe link. If you’d like to opt-out from the newsletter, simply click the link. As long as you subscribe to the newsletter, the
data will be stored. After unregistration the data will be deleted.
Contact form and email communication
We collect the data required to answer your inquiry through our contact form. This data is stored by us and used exclusively to answer your contact inquiries and for the associated technical administration. We cannot process your request without this
data. This also applies to your email enquiries. (Please note that when communicating via unencrypted emails, unauthorized access by third parties cannot be excluded.)
The legal basis for the processing of your contact requests is Art. 6 (1) sentence 1f GDPR, since we have a legitimate interest in responding to your request.
If contact is established on the basis of a contractual declaration or sought within the framework of an existing contractual relationship, the legal basis is Art. 6 (1) sentence 1b GDPR.
The stored personal data will be deleted if we assume that the reason for your inquiry has been settled and if there are no conflicting statutory retention periods which we need to comply with.
In the case of statutory retention periods, the data will be deleted after the expiry of these periods.
Data will not be deleted if you have expressly declared you consent for further use (legal basis: Art. 6 (1) sentence 1a GDPR).
To use the website without the collection and transmission of your data, you have the option of deactivating cookies, or you can open the website using an anonymisation service or using a so-called “do not track me” tool (e.g. http://donottrack.us/) or
suitable add-ons for your browser (e.g. http://noscript.net/), in particular for blocking plugins.
We have no responsibility or influence regarding compliance with data protection on websites of third parties which are linked on our website. Please find information on data protection regulations on the respective linked websites.